<?php
/**
 * author: cmondor
 * description: this is the PayPal InstantPaymentNotification script that alerts us of user purchases
 * 
 */
include_once('HTGPage.class.php');

$page = new HTGPage();
/* @var $utils Utils */
$utils = $page->myUtils;

$utils->recordPOST();

$status = $_REQUEST['payment_status'];
$custom = $_REQUEST['custom'];
$itemNum = $_REQUEST['item_number'];
$authKey = session_id();
$procTransId = $_REQUEST['txn_id'];

//$status
//Canceled_Reversal
//Completed
//Created
//Denied
//Expired
//Failed
//Pending
//Refunded
//Reversed
//ReasonCode
//Processed
//Voided

//create purchase attempt
$utils->addPurchaseAttempt($itemNum, $procTransId, $status, $custom, 'p');

//we send this back to PayPal to verify we got it.
//code copied from https://cms.paypal.com/cms_content/US/en_US/files/developer/IPN_PHP_41.txt
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
	$value = urlencode(stripslashes($value));
	$req .= "&$key=$value";
}

// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);

// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];

if (!$fp) {
	// HTTP ERROR
} else {
	fputs ($fp, $header . $req);
	while (!feof($fp)) {
		$res = fgets ($fp, 1024);
		if (strcmp ($res, "VERIFIED") == 0) {
			// check the payment_status is Completed
			// check that txn_id has not been previously processed
			// check that receiver_email is your Primary PayPal email
			// check that payment_amount/payment_currency are correct
			// process payment
		}
		else if (strcmp ($res, "INVALID") == 0) {
			// log for manual investigation
		}
	}
	fclose ($fp);
}

?>